Index
A
- Access Control List (ACL) / Taking advantage of SNMP
- Access Point (AP) / Compromising enterprise implementations of WPA/WPA2
- access rights
- escalating, in Active Directory / Escalating access rights in Active Directory
- accounts
- creating / Creating additional accounts
- acknowledgment (ACK) packets / Modifying packet parameters
- Active Directory
- setting up / Setting up an Active Directory and Domain Controller
- users, adding to / Adding users to the Active Directory
- access rights, escalating in / Escalating access rights in Active Directory
- active fingerprinting / Fingerprinting the operating system
- active reconnaissance / Basic principles of reconnaissance
- Active Scripting language / Conducting attacks using VBScript
- active services
- determining / Determining active services
- activities, on compromised local system
- about / Activities on the compromised local system
- rapid reconnaissance, conducting of compromised system / Conducting rapid reconnaissance of a compromised system
- sensitive data, finding / Finding and taking sensitive data – pillaging the target
- sensitive data, taking / Finding and taking sensitive data – pillaging the target
- target, pillaging / Finding and taking sensitive data – pillaging the target
- post-exploitation tools / Post-exploitation tools
- advanced operator, Google guide
- reference / Using dork scripts to query Google
- advanced persistent threat (APT) / Conducting attacks using VBScript
- aircrack-ng
- reference / Configuring Kali for wireless attacks
- Amazon CloudFront
- using, for C2 / Using Amazon CloudFront for C2
- Amazon Machine Image (AMI) / Kali on AWS Cloud
- Amazon Web Services (AWS)
- about / Kali on AWS Cloud
- reference / Kali on AWS Cloud
- antivirus
- bypassing, with files / Bypassing the antivirus with files
- Veil framework, using / Using the Veil framework
- Shellter, using / Using Shellter
- evading / Going fileless and evading antivirus
- application-level controls
- bypassing / Bypassing application-level controls
- past client-side firewalls, tunneling with SSH / Tunneling past client-side firewalls using SSH
- application-specific attacks
- about / Application-specific attacks
- access credentials, brute-forcing / Brute-forcing access credentials
- injection attacks / Injection
- Application Programming Interface (API) / Framework core
- Advanced Persistent Threats (APTs) / Threat intelligence
- ardrone-tool
- reference / Common tools
- Arduino-based attack vector / The Social Engineering Toolkit (SET)
- ARMEL / Introduction to Kali Linux – features
- ARMHF / Introduction to Kali Linux – features
- Armitage
- multiple targets, exploiting / Exploiting multiple targets with Armitage
- at command / Escalating from administrator to system
- attack
- escalating, DNS redirection used / Escalating an attack using DNS redirection
- evidence, hiding / Hiding evidence of an attack
- attacker's URL
- obfuscating / Hiding executables and obfuscating the attacker's URL
- attacker kill chain / The testing methodology
- attack methods
- about / Methodology and attack methods
- technology / Technology
- computer-based / Computer-based
- mobile-based / Mobile-based
- people-based attacks / People-based
- attacks
- conducting, VBScript used / Conducting attacks using VBScript
- AWUS036NH adapter / Configuring Kali for wireless attacks
B
- backdoor / Persistence
- backdooring
- about / Backdooring executable files
- executable files / Backdooring executable files
- baiting / Computer-based
- Bash scripts
- used, for customizing Kali / Using Bash scripts to customize Kali
- Basic Service Set Identifier (BSSID) / Wireless reconnaissance
- BeEF, and Metasploit attacks
- integrating / Integrating BeEF and Metasploit attacks
- BeEF Browser / Understanding BeEF Browser
- BeEF modules
- binwalk / Common tools
- bit-flipping attack / Bit-flipping attack
- bootloaders
- about / Understanding bootloaders
- U-Boot / Understanding bootloaders
- RedBoot / Understanding bootloaders
- BareBox / Understanding bootloaders
- Boot Up Manager (BUM) / Speeding up Kali operations
- Browser Exploitation Framework (BeEF)
- about / The Browser Exploitation Framework (BeEF)
- configuring / Configuring the BeEF
- color-coding scheme / Understanding BeEF Browser
- using, as tunneling proxy / Using BeEF as a tunneling proxy
- brute-force attacks / Brute-force attacks
- bulk transfer
- using, as mode of phishing / Using bulk transfer as a mode of phishing
- Burp Proxy
- about / Burp Proxy
- functions / Burp Proxy
- using / Burp Proxy
C
- C2
- Amazon CloudFront, using for / Using Amazon CloudFront for C2
- Microsoft Azure, using for / Using Microsoft Azure for C2
- censys.io / Shodan and censys.io, Identifying the external network infrastructure
- CeWL
- used, for mapping website / Using CeWL to map a website
- Chameleon Mini
- used, for cloning RFID / Cloning RFID using Chameleon Mini
- cloning, RFID used / Cloning RFID using Chameleon Mini
- chntpw
- using / samdump2 and chntpw
- Cipher Block Chaining (CBC) / Bit-flipping attack
- client-side proxy
- about / Client-side proxies
- Burp Proxy / Burp Proxy
- web crawling / Web crawling and directory brute-force attacks
- directory brute-force attacks / Web crawling and directory brute-force attacks
- web service-specific vulnerability scanners / Web service-specific vulnerability scanners
- cnu-fpu
- reference / Common tools
- collaborative penetration testing
- managing, Faraday used / Managing collaborative penetration testing using Faraday
- command injection exploiter (commix)
- about / OS command injection using commix
- OS command injection / OS command injection using commix
- command line
- website, mirroring / Mirroring a website from the command line
- commercial vulnerability scanners
- about / Commercial vulnerability scanners
- Nessus / Nessus
- Nexpose / Nexpose
- Common User Passwords Profiler (CUPP) / Profiling users for password lists
- Common Vulnerabilities and Exposures (CVE) / Locating and verifying publicly available exploits
- community strings, SNMP
- public / Taking advantage of SNMP
- private / Taking advantage of SNMP
- components, embedded systems
- hardware / Embedded system basic architecture
- operating system / Embedded system basic architecture
- application software / Embedded system basic architecture
- comprehensive reconnaissance applications
- compromised local system
- activities / Activities on the compromised local system
- computer-based attacks
- email phishing / Computer-based
- baiting / Computer-based
- Wi-Fi phishing / Computer-based
- content delivery network (CDN)
- about / Using Amazon CloudFront for C2
- creating / Using Amazon CloudFront for C2
- Content Management System (CMS)
- about / Reconnaissance of web apps, Fingerprinting a web application and CMS
- fingerprinting / Fingerprinting a web application and CMS
- CrackMapExec (CME)
- about / CrackMapExec
- protocols / CrackMapExec
- modules / CrackMapExec
- databases / CrackMapExec
- credential harvester attack method / The Social Engineering Toolkit (SET), Using a website attack vector – the credential harvester attack method
- credential harvesting
- about / Credential harvesting and escalation attacks
- password sniffers / Password sniffers
- responder / Responder
- SMB relay attacks / SMB relay attacks
- Cross-Site Scripting (XSS) / Objective-based penetration testing, The Cross-Site Scripting framework
- Cross-Site Scripting Framework (XSSF)
- Cross-Site Request Forgery (CSRF) / The Cross-Site Scripting framework
- custom wordlists
- creating, for cracking passwords / Creating custom wordlists for cracking passwords
- CVE Details
- reference / Fingerprinting a web application and CMS
D
- Dark Web / Dark web
- data dump sites / Data dump sites
- Data Exfiltration Toolkit (DET)
- Data Leakage Prevention (DLP) / Using the Data Exfiltration Toolkit (DET)
- Deep Magic Information Gathering Tool (DMitry) / Employing comprehensive reconnaissance applications
- defensive OSINT
- about / Defensive OSINT
- Dark Web / Dark web
- security breaches / Security breaches
- threat intelligence / Threat intelligence
- Denial-of-Service (DoS) attacks
- against wireless communications / Denial-of-service (DoS) attacks against wireless communications
- directory brute-force attacks / Web crawling and directory brute-force attacks
- disk cleanup
- using, to bypass UAC in Windows 10 / Using Disk Cleanup to bypass UAC in Windows 10
- DLL injection / DLL injection
- DNS protocol
- using / Using the DNS protocol
- dnsrecon / IPv4
- DNS reconnaissance / Offensive OSINT, DNS reconnaissance and route mapping
- DNS redirection
- used, for escalating attack / Escalating an attack using DNS redirection
- DNSteal
- about / Using the DNS protocol
- download link / Using the DNS protocol
- Docker
- download link / Installing to a Docker Appliance
- Docker Appliance
- Kali Linux (Kali), installing to / Installing to a Docker Appliance
- domain
- Metasploitable3 Windows, adding to / Adding Metasploitable3 Windows to the new domain
- Domain Controller
- setting up / Setting up an Active Directory and Domain Controller
- domain fronting
- about / Domain fronting
- Amazon CloudFront, using for C2 / Using Amazon CloudFront for C2
- Microsoft Azure, using for C2 / Using Microsoft Azure for C2
- domain gathering
- with Sublist3r / Domain gathering using Sublist3r
- Domain Name System (DNS) / Maltego
- domain trusts
- compromising / Compromising domain trusts and shares
- Dork / Google Hacking Database
- dork scripts
- used, for querying Google / Using dork scripts to query Google
- Dropbox
- using / Dropbox
- Dropbox stager
- setting up / Dropbox
- Dynamic Host Configuration Protocol (DHCP) / Configuring network services and secure communications, DHCP information
- dynamic-link library (DLL) / Activities on the compromised local system
E
- email addresses
- gathering / Gathering usernames and email addresses
- email phishing / Computer-based
- embedded systems
- hardware architecture / Embedded systems and hardware architecture
- basic architecture / Embedded system basic architecture
- components / Embedded system basic architecture
- Empire
- about / The Empire project
- commands / The Empire project
- roles / The Empire project
- endpoint security
- disabling / Disabling endpoint security
- remediation, preventing / Preventing remediation
- exceptions, adding / Adding exceptions
- ERESI framework / Common tools
- escalation
- from domain user, to system administrator / Escalating from domain user to system administrator
- from administrator, to system / Escalating from administrator to system
- escalation attacks / Credential harvesting and escalation attacks
- escalation methodology
- Evasion / Using the Veil framework
- executable files
- backdooring / Backdooring executable files
- executables
- exfiltration of data
- about / Exfiltration of data
- with existing system services / Using existing system services (Telnet, RDP, and VNC)
- with DNS protocol / Using the DNS protocol
- with ICMP protocol / Using the ICMP protocol
- with Data Exfiltration Toolkit (DET) / Using the Data Exfiltration Toolkit (DET)
- with PowerShell / Using PowerShell
- Extended Service Set Identifier (ESSID) / Wireless reconnaissance
- Extensible Markup Language (XML) / XML injection
- external network infrastructure
- identifying / Identifying the external network infrastructure
F
- Faraday
- collaborative penetration testing, managing / Managing collaborative penetration testing using Faraday
- about / Managing collaborative penetration testing using Faraday
- FCC ID
- reference / Firmware unpacking and updating
- fileless solution
- adopting / Going fileless and evading antivirus
- fileless techniques
- using / Using fileless techniques
- fodhelper, using to bypass UAC in Windows 10 / Using fodhelper to bypass UAC in Windows 10
- diskcleanup, using to bypass UAC in Windows 10 / Using Disk Cleanup to bypass UAC in Windows 10
- files
- antivirus, bypassing / Bypassing the antivirus with files
- File Transfer Protocol (FTP) / Port scanning
- fingerprinting / Fingerprinting a web application and CMS
- finish (FIN) packets / Modifying packet parameters
- firmware-mod-kit / Common tools
- firmware
- about / Understanding firmware
- types / Different types of firmware
- unpacking / Firmware unpacking and updating
- updating / Firmware unpacking and updating
- Flash vulnerabilities
- reference / The hacker's mind map
- Fluxion / Compromising enterprise implementations of WPA/WPA2
- fodhelper
- using, to bypass UAC in Windows 10 / Using fodhelper to bypass UAC in Windows 10
- fragroute / IDS/IPS identification
- Framework–base / Framework base
- Framework–core / Framework core
- full-screen attack method / The Social Engineering Toolkit (SET)
- fuzzing
- vulnerability, identifying / Identifying a vulnerability using fuzzing
G
- Gcat scripts
- reference / Microsoft OneDrive
- Gdog scripts
- reference / Microsoft OneDrive
- Ghost Phisher
- working with / Working with Ghost Phisher
- features / Working with Ghost Phisher
- GitPwnd
- reference / Microsoft OneDrive
- golden-ticket attack / Compromising Kerberos – the golden-ticket attack
- Google
- querying, dork scripts used / Using dork scripts to query Google
- Google Hacking Database / Google Hacking Database
- Gophish
- phishing campaign, setting up / Setting up a phishing campaign with Gophish
H
- hacker
- mind map / The hacker's mind map
- HackRF One / Other tools
- hidden SSID
- bypassing / Bypassing a hidden SSID
- honeypot
- detecting / Detecting honeypot
- hook / The Browser Exploitation Framework (BeEF)
- horizontal escalation / Horizontal escalation and lateral movement
- host enumeration / Enumerating hosts
- hostile scripts
- used, for attacking system / Attacking a system using hostile scripts
- hping3 / Mapping the route to the target
- HTA attack / The Social Engineering Toolkit (SET), HTA attack
I
- I2C (Inter-Integrated Circuit) / UART
- IDE (Integrated Development Environment) / Managing collaborative penetration testing using Faraday
- IDS/IPS identification / IDS/IPS identification
- immunity debugger
- reference / Identifying a vulnerability using fuzzing
- impersonation / Physical attacks
- indicators of compromise (IOCs) / Threat intelligence
- infectious media generator / The Social Engineering Toolkit (SET)
- injection attacks
- about / Injection
- OS command injection, with commix / OS command injection using commix
- SQL injection / SQL injection
- XML injection / XML injection
- bit-flipping attack / Bit-flipping attack
- access, maintaining with web shells / Maintaining access with web shells
- Injection Modules / Customizing Nikto and Vega
- Install From Media (IFM) / Escalating access rights in Active Directory
- interactive persistence / Persistence
- Internet Protocol (IP) / IPv4
- intrace / Mapping the route to the target
- Intrusion Detection System (IDS) / IDS/IPS identification
- Intrusion Prevention System (IPS) / IDS/IPS identification
- IPv4 / IPv4
- IPv6 / IPv6
- IPv6-specific tools
- using / Using IPv6-specific tools
- dnsdict6 / Using IPv6-specific tools
- dnsrevenum6 / Using IPv6-specific tools
- covert_send6 / Using IPv6-specific tools
- covert_send6d / Using IPv6-specific tools
- denial6 / Using IPv6-specific tools
- detect-new-ip6 / Using IPv6-specific tools
- detect_sniffer6 / Using IPv6-specific tools
- exploit6 / Using IPv6-specific tools
- fake_dhcps6 / Using IPv6-specific tools
- isolation
- bypassing / Bypassing isolation
J
- Java applet attack method / The Social Engineering Toolkit (SET)
- Joint Test Action Group (JTAG) / Firmware unpacking and updating
K
- Kali Linux (Kali)
- history / Introduction to Kali Linux – features
- features / Introduction to Kali Linux – features
- role, in red team tactics / Role of Kali in red team tactics
- installing / Installing and updating Kali Linux
- updating / Installing and updating Kali Linux
- installing, onto portable device / Using as a portable device
- installing, to Raspberry Pi 3 / Installing Kali to Raspberry Pi 3
- installing, on virtual machine / Installing Kali onto a VM
- installing, on VMware Workstation Player / VMware Workstation Player
- installing, on VirtualBox / VirtualBox
- installing, to Docker Appliance / Installing to a Docker Appliance
- on AWS cloud / Kali on AWS Cloud
- organizing / Organizing Kali Linux
- configuring / Configuring and customizing Kali Linux
- customization / Configuring and customizing Kali Linux
- root password, resetting / Resetting the root password
- non-root user, adding / Adding a non-root user
- network services, configuring / Configuring network services and secure communications
- secure communications / Configuring network services and secure communications
- network proxy settings, adjusting / Adjusting network proxy settings
- secure shell, accessing / Accessing the secure shell
- folders, sharing with host operating system / Sharing folders with the host operating system
- customizing, Bash scripts used / Using Bash scripts to customize Kali
- Nessus, installing / Nessus
- Rapid7 Nexpose, installing / Nexpose
- configuring, for wireless attacks / Configuring Kali for wireless attacks
- Kali operations
- speeding up / Speeding up Kali operations
- Kerberos
- golden-ticket attack / Compromising Kerberos – the golden-ticket attack
- Kerberos silver-ticket attack / Compromising Kerberos – the golden-ticket attack
- Key Distribution Center (KDC) / Compromising Kerberos – the golden-ticket attack
- kill chain / The testing methodology
- kill chain, on attacker
- reconnaissance phase / The testing methodology
- explore phase / The testing methodology
- delivery phase / The testing methodology
- exploit phase / The testing methodology
- compromise phase / The testing methodology
- achieve phase / The testing methodology
- Kismet / Kismet
- Kon-boot
- reference / samdump2 and chntpw
L
- LanMan (LM) hashes / Finding and taking sensitive data – pillaging the target
- large-scale scanning
- about / Large-scale scanning
- DHCP information / DHCP information
- internal network hosts, identifying / Identification and enumeration of internal network hosts
- internal network hosts, enumerating / Identification and enumeration of internal network hosts
- native MS Windows commands / Native MS Windows commands
- ARP broadcasting / ARP broadcasting
- ping sweep / Ping sweep
- scripts, used for combining masscan and nmap scans / Using scripts to combine masscan and nmap scans
- Simple Network Management Protocol (SNMP) / Taking advantage of SNMP
- Windows account information, via SMB sessions / Windows account information via SMB (Server Message Block) sessions
- network shares, locating / Locating network shares
- reconnaissance, of active directory domain servers / Reconnaissance of active directory domain servers
- comprehensive tools (SPARTA), using / Using comprehensive tools (SPARTA)
- SPARTA, configuring / An example to configure SPARTA
- lateral movement
- with services / Lateral movement using services
- libraries, Metasploit Framework (MSF)
- about / Libraries
- REX / REX
- Framework–core / Framework core
- Framework–base / Framework base
- Link-Local Multicast Name Resolution (LLMNR) / Responder
- linset script
- live host discovery / Live host discovery
- load balancers
- load balancing detector (lbd) / Identifying the external network infrastructure, Detection of web application firewall and load balancers
- Local File Inclusion (LFI) / Introduction to RouterSploit Framework
- Local Security Authority (LSA) / Finding and taking sensitive data – pillaging the target
- local system escalation / Local system escalation
- Lua scripting / Introduction to Lua scripting
M
- MAC address authentication
- MalDuino / The MalDuino – the BadUSB
- Maltego
- Maltego Public Servers
- machine selections / Maltego
- MassMailer attack / The Social Engineering Toolkit (SET)
- Media Access Control (MAC) address / Bypassing the MAC address authentication and open authentication
- memory, in embedded devices
- Dynamic Random-Access Memory (DRAM) / Understanding firmware
- Static Random-Access Memory (SRAM) / Understanding firmware
- Read-Only Memory (ROM) / Understanding firmware
- Memory-Mapped NOR Flash / Understanding firmware
- NAND Flash / Understanding firmware
- Secure Digital (SD) Card / Understanding firmware
- Metasploitable3
- about / Metasploitable3
- download link / Metasploitable3
- installing / Metasploitable3
- Metasploitable3 Windows
- adding, to domain / Adding Metasploitable3 Windows to the new domain
- Metasploit browser exploit method / The Social Engineering Toolkit (SET)
- Metasploit framework
- using / The Cross-Site Scripting framework
- persistence, maintaining / Maintaining persistence with the Metasploit framework
- Metasploit Framework (MSF)
- about / The Metasploit Framework, The Metasploit Framework
- libraries / Libraries
- interfaces / Interfaces
- modules / Modules
- target system, exploiting / Modules
- database, setting up / Database setup and configuration
- database, configuring / Database setup and configuration
- targets, exploiting / Exploiting targets using MSF
- single targets, exploiting with simple reverse shell / Single targets using a simple reverse shell
- reverse shell with PowerShell attack vector, used for exploiting single targets / Single targets using a reverse shell with a PowerShell attack vector
- standalone persistent agent, creating / Creating a standalone persistent agent with Metasploit
- Meterpreter
- post-exploitation modules / The Metasploit Framework
- microcomputers/USB-based attack agents
- about / Microcomputer or USB-based attack agents
- Raspberry Pi / The Raspberry Pi
- MalDuino / The MalDuino – the BadUSB
- Microsoft Azure
- using, for C2 / Using Microsoft Azure for C2
- Microsoft Azure CDN
- setting up / Using Microsoft Azure for C2
- Microsoft System Center Configuration Manager (SCCM) / Horizontal escalation and lateral movement
- mind map, hacker
- about / The hacker's mind map
- server-side attacks / The hacker's mind map
- client-side attacks / The hacker's mind map
- miranda.py / Identifying the external network infrastructure
- mobile-based attacks
- SMSishing / Mobile-based
- Quick Response Code (QR code) / Mobile-based
- mobile applications
- vulnerability scanners / Vulnerability scanners for mobile applications
- Mobile Security Framework (MobSF)
- modules, Metasploit Framework (MSF)
- modules, Veil-Pillage
- credentials / Veil-Pillage
- enumeration / Veil-Pillage
- impacket / Veil-Pillage
- management / Veil-Pillage
- payload_delivery / Veil-Pillage
- persistence / Veil-Pillage
- PowerSploit / Veil-Pillage
- MSF resource files
- multiple targets, exploiting / Exploiting multiple targets using MSF resource files
- msfvenom / Backdooring executable files
- multi-attack web method / The Social Engineering Toolkit (SET)
- multiple targets
- exploiting, with MSF resource files / Exploiting multiple targets using MSF resource files
- exploiting, with Armitage / Exploiting multiple targets with Armitage
- Mutillidae
- about / Mutillidae
- installing / Mutillidae
- download link / Mutillidae
N
- native MS Windows commands
- about / Native MS Windows commands
- nslookup / Native MS Windows commands
- net view / Native MS Windows commands
- net share / Native MS Windows commands
- net use / Native MS Windows commands
- net user / Native MS Windows commands
- arp / Native MS Windows commands
- route / Native MS Windows commands
- netstat / Native MS Windows commands
- nbtstat / Native MS Windows commands
- wmic / Native MS Windows commands
- reg / Native MS Windows commands
- for / Native MS Windows commands
- Near Field Communication (NFC) / Cloning RFID using Chameleon Mini
- Nessus
- Netcat
- used, for writing port scanner / Writing your own port scanner using netcat
- about / Employing Netcat as a persistent agent
- functions / Employing Netcat as a persistent agent
- employing, as persistent agent / Employing Netcat as a persistent agent
- Network Access Control (NAC)
- bypassing / Bypassing Network Access Control (NAC)
- pre-admission NAC / Bypassing Network Access Control (NAC), Pre-admission NAC
- post-admission NAC / Bypassing Network Access Control (NAC), Post-admission NAC
- Network Mapper (nmap) / Modifying packet parameters
- Nikto
- about / Introduction to Nikto and Vega
- reference / Introduction to Nikto and Vega
- customizing / Customizing Nikto and Vega
- NirSoft
- reference / Activities on the compromised local system
- Nmap
- about / Identifying the external network infrastructure
- for vulnerability scanning / Vulnerability scanning with Nmap
- NSE scripts
- usage / Vulnerability scanning with Nmap
- customizing / Customizing NSE scripts
- NT LanMan (NTLM) hashes / Finding and taking sensitive data – pillaging the target
O
- objective-based penetration testing / Objective-based penetration testing
- offensive OSINT / Offensive OSINT
- Offensive Web Testing Framework (OWTF) / OS command injection using commix
- OneDrive
- using / Microsoft OneDrive
- onedrive c2c
- setting up / Microsoft OneDrive
- Open-source intelligence (OSINT)
- about / Open source intelligence
- offensive / Open source intelligence, Offensive OSINT
- defensive / Open source intelligence
- Maltego, using for / Maltego
- open authentication
- OpenVAS network vulnerability scanner / The OpenVAS network vulnerability scanner
- Open Vulnerability Assessment System (OpenVAS)
- about / The OpenVAS network vulnerability scanner
- customizing / Customizing OpenVAS
- Open Web Application Security Project (OWASP)
- reference / Reconnaissance of web apps
- operating system
- fingerprinting / Fingerprinting the operating system
- operating systems, firmware analysis
- Ambarella / Different types of firmware
- Cisco IOS / Different types of firmware
- DOS / Different types of firmware
- eCos / Different types of firmware
- L4 microkernel family / Different types of firmware
- VxWorks/Wind River / Different types of firmware
- Windows CE/NT / Different types of firmware
- Ordnance / Using the Veil framework
- Organizationally Unique Identifier (OUI) / Bypassing the MAC address authentication and open authentication
- Original Equipment Manufacturer (OEM) / Firmware unpacking and updating
- OS command injection
- with commix / OS command injection using commix
- OSINT data
- gathering, scripts used / Using scripts to automatically gather OSINT data
- OSRFramework
- about / OSRFramework
- usufy / OSRFramework
- searchfy / OSRFramework
- mailfy / OSRFramework
P
- Packer
- reference / Metasploitable3
- packet capture (pcap) / Adjusting source IP stack and tool identification settings
- passive fingerprinting / Fingerprinting the operating system
- passive reconnaissance / Basic principles of reconnaissance
- password lists
- users, profiling for / Profiling users for password lists
- password sniffers / Password sniffers
- past client-side firewalls
- tunneling, with SSH / Tunneling past client-side firewalls using SSH
- Penetration Testers Framework (PTF) / OS command injection using commix
- penetration testing (Pentest) / Misconceptions of vulnerability scanning, penetration testing, and red team exercises
- people-based attacks
- about / People-based
- physical attacks / Physical attacks
- voice-based / Voice-based
- persistence
- about / Persistence
- maintaining, with Metasploit framework / Maintaining persistence with the Metasploit framework
- with online file storage cloud services / Persistence using online file storage cloud services
- persistence script
- using / Using the persistence script
- persistent agents
- about / Persistence
- functions / Persistence
- using / Using persistent agents
- Netcat, using as / Employing Netcat as a persistent agent
- persistent task
- configuring, schtasks used / Using schtasks to configure a persistent task
- phishing attack
- launching / Launching a phishing attack
- phishing campaign
- setting up, Gophish used / Setting up a phishing campaign with Gophish
- physical attacks
- impersonation / Physical attacks
- at console / Physical attacks
- physical attacks, at console
- about / Physical attacks at the console
- samdump2, using / samdump2 and chntpw
- chntpw, using / samdump2 and chntpw
- sticky keys / Sticky keys
- pillaging / Finding and taking sensitive data – pillaging the target
- ping sweep / Ping sweep
- pivoting / Pivoting and port forwarding
- portable device
- Kali Linux (Kali), installing onto / Using as a portable device
- port forwarding / Pivoting and port forwarding
- port scanner
- writing, netcat used / Writing your own port scanner using netcat
- port scanning / Port scanning
- post-admission NAC
- about / Post-admission NAC
- isolation, bypassing / Bypassing isolation
- honeypot, detecting / Detecting honeypot
- post-exploitation modules, Meterpreter / The Metasploit Framework
- post-exploitation tools
- about / Post-exploitation tools
- Metasploit Framework (MSF) / The Metasploit Framework
- Empire / The Empire project
- CrackMapExec (CME) / CrackMapExec
- PowerShell
- PowerShell alphanumeric shellcode injection attack
- PowerShell attack vectors / The Social Engineering Toolkit (SET)
- pre-admission NAC
- about / Pre-admission NAC
- elements, adding / Adding new elements
- rules, identifying / Identifying the rules
- endpoint security, disabling / Disabling endpoint security
- pre-shared key (PSK) / Attacking WPA and WPA2
- Privilege Attribute Certificate (PAC) / Compromising Kerberos – the golden-ticket attack
- proof of concept (PoC) / Local and online vulnerability databases
- Proxychains
- using / Using Proxychains
- PsExec
- about / PsExec, WMIC, and other tools
- download link / PsExec, WMIC, and other tools
- public exploits
- using / Using public exploits, Compiling and using exploits
- locating / Locating and verifying publicly available exploits
- verifying / Locating and verifying publicly available exploits
- Exploit-DB (EDB) / Locating and verifying publicly available exploits
- searchsploit ftp windows remote / Locating and verifying publicly available exploits
- SecurityFocus / Locating and verifying publicly available exploits
- compiling / Compiling and using exploits
- C files, compiling / Compiling C files
- adding / Adding the exploits that are written using the MSF as a base
- Pyrit
- download link / Brute-force attacks
Q
- QRcode generator attack vector / The Social Engineering Toolkit (SET)
- Quick Response Code (QR code) / Mobile-based
R
- Radio Frequency Identification (RFID)
- cloning, Chameleon Mini used / Cloning RFID using Chameleon Mini
- Rapid7 Nexpose
- rapid reconnaissance
- conducting, of compromised system / Conducting rapid reconnaissance of a compromised system
- Raspberry Pi
- about / The Raspberry Pi
- configuring, as attack vector / The Raspberry Pi
- Raspberry Pi 3
- Kali Linux (Kali), installing to / Installing Kali to Raspberry Pi 3
- real-time operating system (RTOS) / Embedded system basic architecture
- Reaver
- used, for attacking wireless routers / Attacking wireless routers with Reaver
- recon-ng framework
- about / The recon-ng framework
- functionalities / The recon-ng framework
- IPv4 / IPv4
- IPv6 / IPv6
- reconnaissance
- basic principles / Basic principles of reconnaissance
- passive reconnaissance / Basic principles of reconnaissance
- active reconnaissance / Basic principles of reconnaissance
- reconnaissance phase, kill chain
- passive / The testing methodology
- active / The testing methodology
- red team exercise (RTE) / Misconceptions of vulnerability scanning, penetration testing, and red team exercises
- registers and instructions, Windows exploit
- EAX / Developing a Windows exploit
- EBX / Developing a Windows exploit
- ECX / Developing a Windows exploit
- EDX / Developing a Windows exploit
- ESI/EDI / Developing a Windows exploit
- EBP / Developing a Windows exploit
- Extended Instruction Pointer (EIP) / Developing a Windows exploit
- Extended Stack Pointer (ESP) / Developing a Windows exploit
- GS / Developing a Windows exploit
- SS / Developing a Windows exploit
- CS / Developing a Windows exploit
- FS / Developing a Windows exploit
- NOP / Developing a Windows exploit
- DS / Developing a Windows exploit
- JMP / Developing a Windows exploit
- ES / Developing a Windows exploit
- Remote Administration Tool Tommy Edition (RATTE) / The Social Engineering Toolkit (SET)
- reset (RST) packets / Modifying packet parameters
- responder / Responder
- Response Processing Modules / Customizing Nikto and Vega
- REX / REX
- rogue physical device
- creating / Creating a rogue physical device
- about / Wireless reconnaissance
- roles, Empire
- listeners / The Empire project
- stagers / The Empire project
- agents / The Empire project
- logging and downloads / The Empire project
- rootkit / Persistence
- route mapping / DNS reconnaissance and route mapping, Mapping the route to the target
- RouterSploit Framework
- rules, pre-admission NAC
- identifying / Identifying the rules
- exceptions / Exceptions
- quarantine rules / Quarantine rules
S
- samdump2
- using / samdump2 and chntpw
- schtasks
- used, for configuring persistent task / Using schtasks to configure a persistent task
- scraping / Scraping
- scripts
- used, for gathering OSINT data / Using scripts to automatically gather OSINT data
- Secure Shell (SSH)
- past client-side firewalls, tunneling / Tunneling past client-side firewalls using SSH
- inbound to outbound connection, establishing / Inbound to outbound
- URL-filtering mechanisms, bypassing / Bypassing URL filtering mechanisms
- outbound to inbound connection, establishing / Outbound to inbound
- Security Accounts Manager (SAM) / samdump2 and chntpw, Finding and taking sensitive data – pillaging the target
- security breach / Security breaches
- Security Identification (SID) / Access and authorization
- security testing
- overview / Conceptual overview of security testing
- Sender Policy Framework (SPF) / Maltego, IPv4
- Sensepost
- reference / Using the Data Exfiltration Toolkit (DET)
- Serial Peripheral Interface (SPI) / UART
- Service Principal Name (SPN) server / Communications security
- SEToolkit / The Social Engineering Toolkit (SET)
- shellcode / Conducting attacks using VBScript
- Shellter
- using / Using Shellter
- Shodan / Shodan and censys.io, Identifying the external network infrastructure
- Simple Network Management Protocol (SNMP) / Taking advantage of SNMP
- SMB relay attacks / SMB relay attacks
- SMSishing / Mobile-based
- SMS spoofing attack vector / The Social Engineering Toolkit (SET)
- Social Engineering Toolkit (SET) / The recon-ng framework, The Social Engineering Toolkit (SET)
- Software as a Service (SaaS) / Kali on AWS Cloud, Reconnaissance of web apps
- spear phishing attack / Spear phishing attack
- specialized scanners / Specialized scanners
- SQL injection / SQL injection
- standalone persistent agent
- creating, with Metasploit Framework (MSF) / Creating a standalone persistent agent with Metasploit
- stealth scanning strategies
- about / Stealth scanning strategies
- source IP stack settings, adjusting / Adjusting source IP stack and tool identification settings
- tool identification settings, adjusting / Adjusting source IP stack and tool identification settings
- packet parameters, modifying / Modifying packet parameters
- proxies, using with anonymity networks / Using proxies with anonymity networks
- sticky keys / Sticky keys
- Sublist3r / Domain gathering using Sublist3r
- synchronize (SYN) packets / Modifying packet parameters
- systems
- attacking, hostile scripts used / Attacking a system using hostile scripts
- attacking, Windows PowerShell used / Attacking systems using Windows PowerShell
T
- tabnabbing attack method / The Social Engineering Toolkit (SET), Using a website attack vector – the tabnabbing attack method
- targets
- primary targets / Threat modeling
- secondary targets / Threat modeling
- tertiary targets / Threat modeling
- TCP/IP Swiss army knife / Employing Netcat as a persistent agent
- Test Access Port (TAP) / Firmware unpacking and updating
- testing methodology / The testing methodology
- THC-IPv6 Attack Toolkit / Using IPv6-specific tools
- theHarvester / Gathering usernames and email addresses
- threat intelligence / Threat intelligence
- threat modeling / Threat modeling
- Threatnine
- reference / Introduction to RouterSploit Framework
- Ticket-Granting Ticket (TGT) / Compromising Kerberos – the golden-ticket attack
- Ticket Granting Service (TGS) ticket / Compromising Kerberos – the golden-ticket attack
- time to live (TTL) / Mapping the route to the target
- toolkits, Kali Linux
- binwalk / Common tools
- firmware-mod-kit / Common tools
- ERESI framework / Common tools
- cnu-fpu / Common tools
- ardrone-tool / Common tools
- tools, wireless reconnaissance
- Kismet / Kismet
- Tor
- reference / Using proxies with anonymity networks
- installing / Using proxies with anonymity networks
- considerations / Using proxies with anonymity networks
- Tor-Buddy script
- reference / Using proxies with anonymity networks
- trace6 / Mapping the route to the target
- traceroute
- reference / Mapping the route to the target
- about / Mapping beyond the firewall
- Trivial File Transfer Protocol (TFTP) / Employing Netcat as a persistent agent
- twofi
- words, extracting from Twitter / Extracting words from Twitter using twofi
U
- Universal Asynchronous Receiver/Transmitter (UART) / UART
- Unreal IRCD attack / Database setup and configuration
- URL-filtering mechanisms
- bypassing / Bypassing URL filtering mechanisms
- USBJTAGNT
- download link / Firmware unpacking and updating
- USB to TTL (Transistor/Transistor Logic) / UART
- User Account Control (UAC)
- bypassing / User Account Control (UAC)
- settings / User Account Control (UAC)
- limitation, to bypass / User Account Control (UAC)
- user accounts
- normal user / Overview of the common escalation methodology
- local administrator / Overview of the common escalation methodology
- delegated administrator / Overview of the common escalation methodology
- domain administrator / Overview of the common escalation methodology
- enterprise administrator / Overview of the common escalation methodology
- schema administrator / Overview of the common escalation methodology
- useragents
- User Datagram Protocol (UDP) / Using proxies with anonymity networks
- user information
- obtaining / Obtaining user information
- usernames
- gathering / Gathering usernames and email addresses
- users
- adding, to Active Directory / Adding users to the Active Directory
- profiling, for password lists / Profiling users for password lists
V
- Vagrant
- reference / Metasploitable3
- Vega
- about / Introduction to Nikto and Vega
- customizing / Customizing Nikto and Vega
- reference / Customizing Nikto and Vega
- Veil-Pillage
- about / Veil-Pillage
- modules / Veil-Pillage
- Veil framework
- using / Using the Veil framework
- Evasion / Using the Veil framework
- Ordnance / Using the Veil framework
- verification lab
- building / Building a verification lab
- VirtualBox
- Kali Linux (Kali), installing on / VirtualBox
- download link / VirtualBox
- virtual machine
- Kali Linux (Kali), installing onto / Installing Kali onto a VM
- VirusTotal
- ViShing / Voice-based
- Visual Basic Scripting (VBScript)
- about / Conducting attacks using VBScript
- used, for conducting attacks / Conducting attacks using VBScript
- VMware Workstation Player
- Kali Linux (Kali), installing on / VMware Workstation Player
- download link / VMware Workstation Player
- vulnerability
- online databases / Local and online vulnerability databases
- identifying, via fuzzing / Identifying a vulnerability using fuzzing
- vulnerability scanners
- for mobile applications / Vulnerability scanners for mobile applications
- Arachnid / Web service-specific vulnerability scanners
- GoLismero / Web service-specific vulnerability scanners
- Nikto / Web service-specific vulnerability scanners
- Skipfish / Web service-specific vulnerability scanners
- Vega / Web service-specific vulnerability scanners
- w3af / Web service-specific vulnerability scanners
- Wapiti / Web service-specific vulnerability scanners
- Webscarab / Web service-specific vulnerability scanners
- Webshag / Web service-specific vulnerability scanners
- WebSploit / Web service-specific vulnerability scanners
- vulnerability scanning (Vscan)
- about / Misconceptions of vulnerability scanning, penetration testing, and red team exercises, Vulnerability nomenclature
- with Nmap / Vulnerability scanning with Nmap
- with Lua scripting / Introduction to Lua scripting
- NSE scripts, customizing / Customizing NSE scripts
- vulnerable server / Identifying a vulnerability using fuzzing
W
- web application
- hacking, methodology / Web application hacking methodology
- reconnaissance / Reconnaissance of web apps
- fingerprinting / Fingerprinting a web application and CMS
- Web Application Attack and Audit Framework (w3af) / Specialized scanners
- Web Application Firewall (WAF)
- web application vulnerability scanners
- web archives / Web archives
- web crawling / Web crawling and directory brute-force attacks
- web jacking attack method / The Social Engineering Toolkit (SET)
- web service-specific vulnerability scanners / Web service-specific vulnerability scanners
- web shells
- access, maintaining / Maintaining access with web shells
- website
- mapping, CeWL used / Using CeWL to map a website
- mirroring, from command line / Mirroring a website from the command line
- website attack vector
- credential harvester attack method / Using a website attack vector – the credential harvester attack method
- tabnabbing attack method / Using a website attack vector – the tabnabbing attack method
- Website Attack Vectors
- multiple web-based attacks / The Social Engineering Toolkit (SET)
- Weevely / Maintaining access with web shells
- whois command / The whois command (Post GDPR)
- Wi-Fi phishing / Computer-based
- Wi-Fi Protected Access (WPA)
- about / Attacking WPA and WPA2
- attacking / Attacking WPA and WPA2
- Wi-Fi Protected Access 2 (WPA2)
- about / Attacking WPA and WPA2
- attacking / Attacking WPA and WPA2
- Wi-Fi Protected Setup (WPS) / Attacking wireless routers with Reaver
- WiFi-pineapple adapter / Configuring Kali for wireless attacks
- Windows 10
- fodhelper, using to bypass UAC / Using fodhelper to bypass UAC in Windows 10
- disk cleanup, using to bypass UAC / Using Disk Cleanup to bypass UAC in Windows 10
- Windows Credential Editor (WCE)
- about / Windows Credential Editor
- download link / Windows Credential Editor
- Windows exploit
- developing / Developing a Windows exploit
- vulnerability, identifying via fuzzing / Identifying a vulnerability using fuzzing
- creating / Creating a Windows-specific exploit
- Windows exploit, terms
- registers / Developing a Windows exploit
- x86 / Developing a Windows exploit
- assembly language / Developing a Windows exploit
- buffer / Developing a Windows exploit
- debugger / Developing a Windows exploit
- ShellCode / Developing a Windows exploit
- Windows Management Instrumentation Command Line (WMIC) / WMIC
- Windows operating system controls
- bypassing / Bypassing Windows operating system controls
- User Account Control (UAC) / User Account Control (UAC)
- fileless techniques, using / Using fileless techniques
- Windows operating system controls, categories
- about / Other Windows-specific operating system controls
- access and authorization / Access and authorization
- encryption / Encryption
- system security / System security
- communications security / Communications security
- logging / Auditing and logging
- auditing / Auditing and logging
- Windows PowerShell
- used, for attacking systems / Attacking systems using Windows PowerShell
- Windows Task Scheduler / Using schtasks to configure a persistent task
- Windows UAC
- reference / User Account Control (UAC)
- winenum
- running, on compromised system / The Metasploit Framework
- wireless access point attack vector / The Social Engineering Toolkit (SET)
- wireless attacks
- Kali, configuring for / Configuring Kali for wireless attacks
- wireless reconnaissance / Wireless reconnaissance
- wireless routers
- attacking, with Reaver / Attacking wireless routers with Reaver
- WPA/WPA2
- enterprise implementations, compromising of / Compromising enterprise implementations of WPA/WPA2
- WPA transmission
- attacking / Brute-force attacks
X
- XML injection / XML injection
- XSS attack / The Cross-Site Scripting framework
- xsser / The Cross-Site Scripting framework
- XSSF Tunnel / The Cross-Site Scripting framework
- XSS vulnerabilities
- about / The Cross-Site Scripting framework
- nonpersistent / The Cross-Site Scripting framework
- persistent / The Cross-Site Scripting framework
Z
- zombie / Understanding BeEF Browser